forge
Fail
Audited by Snyk on Mar 13, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The workflow repeatedly requires reading and embedding full file contents, diffs, and “relevant_files” (and passing them verbatim into multi-model prompts and subagents), which would force any secrets present in those files to be included in LLM inputs/outputs.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly directs creating/modifying/deleting files as part of an execution plan, runs system commands (git, tests), and even spawns a Sonnet executor with mode "bypassPermissions" — effectively instructing the agent to bypass permissions and modify the host state, which is a high-risk compromise.
Issues (2)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W013 (MEDIUM): Attempt to modify system services in skill instructions.
Audit Metadata